10GbE Hardware Recommendations
Mallard last edited by
I'd like to preface this by saying some of the requirements/requests are likely overkill. I prefer to build in overhead and like working my way from top to bottom in terms of performance.
I currently have 1Gb/s up/down connection and will possibly be upgraded to 2Gb/s in the near future. I'm currently thinking that I would like to use the pfSense box to handle the 10GbE connections which would include my personal PC, FreeNAS/RockStor NAS, a switch, and an AP. Additional devices would be connected via the switch. I'm planning on using Snort, Squid, OpenVPN and probably a few others as I continue to dive in. The system will be rack mounted but would like to try to keep it relatively quiet. I'm currently in the process of planning out the entire network so comments on any of the pieces are appreciated.
heper last edited by
i have no knowledge of hardware below the $ridicilous dollar range that will do snort/openvpn at even 5gb/s .
also: rack hardware thats relatively quiet is hard to find - rack hardware that can push 10GbE, that is relatively quiet is probably non-existing.
heper last edited by
this could potentially get you well passed the 2gbit marker just doing NAT.
no clue what it would do when adding snort.
openvpn at 2gbit is probably impossible using freebsd at this time. this might improve when the next version of openvpn comes around (no clue when that'll be)
Guest last edited by
Take two D-Link DGS1510-20 Switches for the 10 GBit/s LAN routing and let the pfSense
being smaller and feed it with 2 x 1 GBit/s WAN connection. So the pfSense is powerful
enough for the WAN only routing and the switches will be sufficient enough for the LAN
Other wise and as suggested before the XG-1540 together with a Chelsio adapter will do this
job also for you.
Keljian last edited by
You will have more luck with suricata than snort at 10gbps. The former is multithreaded.
A Chelsio t420 + an i7 (1550/1551)or equivalent Xeon would do it for you. Just grab 6-8 gig of ram
You could look at some mikrotik switch gear if you are looking to save some $$